Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
203
security advisorymoderateconfiguration flawMageia: 2019-0063 Moderate: Cinnamon Icon Configuration Flaw
A flaw was found in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the respective user's $HOME/.face location. If an unprivileged user prepares a . MGASA-2019-0063 - Updated cinnamon packages fix security vulnerability Publication date: 13 Feb 2019 URL: https://advisories.mageia.org/MGASA-2019-0063.html Type: security Affected Mageia releases: 6 CVE: CVE-2018-13054 A flaw was found in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the respective user's $HOME/.face location. If an unprivileged user prepares a symlink pointing to an arbitrary location, then this location will be overwritten with the icon content (CVE-2018-13054). References: - https://bugs.mageia.org/show_bug.cgi?id=23272 - https://lists.fedoraproject.org/archives/list/
Feb 13, 2019
Mageia
202
security advisorysoftware updatemoderate severityopenSUSE Leap 42.3: 2018-2125-1 Moderate: Cinnamon Symlink Attack
An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for cinnamon ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:2125-1 Rating: moderate References: #1083067 Cross-References: CVE-2018-13054 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cinnamon fixes the following issues: Security issue fixed: - CVE-2018-13054: Fix symlink attack vulnerability (boo#1083067). Bug fixes: - Update to version 3.4.6 (changes since 3.4.4): * osdWindow.js: Always check the theme node on first showing - an actor's width isn't necessarily filled if it hasn't been explicitly set, causing the first few activations of the OSD to not show an accurate level bar. * cs_default: Fix an incorrect button label (but preserve translations). * main.js: Remove an obsolete Meta enum member reference. * workspace.js: Use our normal prototype init method. * workspace.js: Initalise WindowClone._zoomStep to 0. * slideshow-applet: Fix a translation. * cs_themes.py: Create the file "~/.icons/default/index.theme" and set the selected cursor theme inside of it. This ensures other (non-gtk) applications end up using the same theme (though they are required to be restarted for these changes to take effect). * keyboard-applet: Applet icon vanishes when moved in edit mode. * cinnamon-json-makepot: Add keyword option, change language used by xgettext to JavaScript. * expoThumbnail: Correct a couple of calls with mismatched argument counts. * window-list: Set AppMenuButtons unreactive during panel edit mode. * panel-launchers: Set PanelAppLaunchers unreactive during panel edit mode. *windows-quick-list: Fix argument warning. * Fix a reference to undefined actor._delegate warning. * ui/environment: Handle undefined actors in containerClass.prototype.add. * ui/cinnamonDBus: Handle null xlet objects in CinnamonDBus.highlightXlet. * deskletManager: Initialise some variables and remove the variables that were initialised, probable typo Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-767=1 Package List: - openSUSE Leap 42.3 (x86_64): cinnamon-3.4.6-2.3.1 cinnamon-debuginfo-3.4.6-2.3.1 cinnamon-debugsource-3.4.6-2.3.1 cinnamon-gschemas-3.4.6-2.3.1 - openSUSE Leap 42.3 (noarch): cinnamon-gschemas-branding-upstream-3.4.6-2.3.1 References: https://www.suse.com/security/cve/CVE-2018-13054.html https://bugzilla.suse.com/1083067 -- . A patch for openSUSE addresses the symlink vulnerability in Cinnamon, resolving the issue denoted by CVE-2018-13054.. openSUSE Security,Cinnamon Update,Symlink Attack Fix,2018 Vulnerability. . LinuxSecurity.com Team
Jul 28, 2018
OpenSUSE
197
security advisorycriticaldebianDebian 8 Jessie DLA-1420-1 Critical: Cinnamon Symlink Overwrite Risk
It was discovered that there was a symlink attack in the Cinnamon desktop environment. An attacker could overwrite an arbitrary file on the filesystem via . Package : cinnamon Version : 2.2.16-5+deb8u1 CVE ID : CVE-2018-13054 Debian Bug : #903201 It was discovered that there was a symlink attack in the Cinnamon desktop environment. An attacker could overwrite an arbitrary file on the filesystem via a $HOME/.face icon file (as the cinnamon-settings-users.py GUI runs as root). For Debian 8 "Jessie", this issue has been fixed in cinnamon version 2.2.16-5+deb8u1. We recommend that you upgrade your cinnamon packages. Regards, - -- ,'`. : :' : Chris Lamb `. `'`
Jul 13, 2018
•Critical
Debian LTS
89
security advisorysecurity updateFedoraFedora 28: FEDORA-2018-c785c43a8f Moderate: Cinnamon Privilege Escalation
Fix CVE-2018-13054 cinnamon: privilege escalation in cinnamon-settings-users.py GUI. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2018-c785c43a8f 2018-07-08 21:44:08.567966 --------------------------------------------------------------------------------Name : cinnamon Product : Fedora 28 Version : 3.8.7 Release : 1.fc28 URL : https://github.com/linuxmint/cinnamon Summary : Window management and application launching for GNOME Description : Cinnamon is a Linux desktop which provides advanced innovative features and a traditional user experience. The desktop layout is similar to Gnome 2. The underlying technology is forked from Gnome Shell. The emphasis is put on making users feel at home and providing them with an easy to use and comfortable desktop experience. --------------------------------------------------------------------------------Update Information: Fix CVE-2018-13054 cinnamon: privilege escalation in cinnamon-settings-users.py GUI --------------------------------------------------------------------------------ChangeLog: * Thu Jul 5 2018 Leigh Scott - 3.8.7-1 - Update to 3.8.7 release * Fri Jun 8 2018 Leigh Scott - 3.8.4-1 - Update to 3.8.4 release * Mon May 21 2018 Leigh Scott - 3.8.3-1 - Update to 3.8.3 release * Sun May 6 2018 Leigh Scott - 3.8.2-1 - Update to 3.8.2 release * Sat May 5 2018 Leigh Scott - 3.8.1-3 - Use rebased libnm patch * Wed May 2 2018 Leigh Scott - 3.8.1-2 - Update required versions * Tue May 1 2018 Leigh Scott - 3.8.1-1 - Update to 3.8.1 release - Revert all 3.8.1 network applet changes as they conflict with the libnm patch * Mon Apr 30 2018 Leigh Scott - 3.8.0-4 - Fix possible crash in system tray on start up * Sat Apr 28 2018 Leigh Scott - 3.8.0-3 - Revert "Remove requires caribou as it has been retired (f28+)." * Wed Apr 25 2018 Leigh Scott - 3.8.0-2 - Remove requires caribou as it has been retired(f28+). * Tue Apr 24 2018 Leigh Scott - 3.8.0-1 - Update to 3.8.0 release --------------------------------------------------------------------------------References: [ 1 ] Bug #1598494 - CVE-2018-13054 cinnamon: privilege escalation in cinnamon-settings-users.py GUI [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1598494 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-c785c43a8f' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Jul 08, 2018
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!